public async Task ReturnsActivationRequestParams()
{
var userId = new Guid("{FF9C001A-075B-4ACB-B31F-07E818A56A99}");
var credentials = new OtpActivationRequestParams
{
UserId = userId
};
var secretKey = "secret key";
var securityUser = new SecurityUser
{
TwoFactorAuthenticationSecretKey = secretKey
};
_mock.Mock <ISecurityUserProvider>()
.Setup(provider => provider.GetByUserIdAsync(userId))
.ReturnsAsync(securityUser);
var service = _mock.Create <OtpDeactivationService>();
await service.DeactivateAsync(credentials);
var expected = new SecurityUser
{
TwoFactorAuthenticationSecretKey = null
};
ContentAssert.AreEqual(expected, securityUser);
_mock.Mock <IInventContext>()
.Verify(context => context.Update(securityUser), Times.Once);
_mock.Mock <IInventContext>()
.Verify(context => context.SaveChangesAsync(default(CancellationToken)), Times.Once);
}
public async Task ReturnsInvalidRequestWhenOtpCodeIsNotANumber()
{
var activationRequest = new OtpActivationRequestParams
{
Otp = "test",
};
var service = _mock.Create <OtpActivationRequestValidationService>();
var actual = await service.ValidateAsync(activationRequest);
Assert.AreEqual("OTP_INVALID_REQUEST", actual);
}
public void ReturnsActivationRequestParams()
{
var otp = "123456";
var password = "******";
var secretKey = "secret key123456";
var otpToken = "otp token";
var userId = new Guid("{289D2B80-8FFA-43FC-996A-871CC5145308}");
var credentials = new OtpActivationRequest
{
Otp = otp,
Password = password,
OtpToken = otpToken
};
var claimsPrincipal = new Mock <ClaimsPrincipal>().Object;
_mock.Mock <ITokenClaimsPrincipalFactory>()
.Setup(instance => instance.Create(otpToken))
.Returns(claimsPrincipal);
_mock.Mock <IUserIdClaimValueProvider>()
.Setup(instance => instance.GetValue())
.Returns(userId);
_mock.Mock <IOtpSecretKeyClaimValueProvider>()
.Setup(instance => instance.GetValue())
.Returns(secretKey);
_mock.Mock <IFactory <ClaimsPrincipal, IUserIdClaimValueProvider> >()
.Setup(factory => factory.Create(claimsPrincipal))
.Returns(_mock.Mock <IUserIdClaimValueProvider>().Object);
_mock.Mock <IFactory <ClaimsPrincipal, IOtpSecretKeyClaimValueProvider> >()
.Setup(factory => factory.Create(claimsPrincipal))
.Returns(_mock.Mock <IOtpSecretKeyClaimValueProvider>().Object);
var provider = _mock.Create <OtpActivationRequestParamProvider>();
var actual = provider.Get(credentials);
var secretKeyData = secretKey.FromBase32(config: Base32Config.Rfc);
var expected = new OtpActivationRequestParams
{
Otp = otp,
Password = password,
SecretKey = secretKeyData,
UserId = userId
};
ContentAssert.AreEqual(expected, actual);
}
public async Task ReturnsActivationRequestParams()
{
var otp = "123456";
var password = "******";
var secretKey = new byte[] { 1 };
var userId = new Guid("{289D2B80-8FFA-43FC-996A-871CC5145308}");
var user = new User
{
Id = userId
};
var credentials = new OtpDeactivationRequest
{
Otp = otp,
Password = password
};
var claimsPrincipal = _mock.Mock <ClaimsPrincipal>().Object;
var httpContext = _mock.Mock <HttpContext>().Object;
_mock.Mock <IOtpSecretKeyProvider>()
.Setup(instance => instance.ReadAsync(userId))
.ReturnsAsync(secretKey);
_mock.Mock <HttpContext>()
.SetupGet(context => context.User)
.Returns(claimsPrincipal);
_mock.Mock <IHttpContextAccessor>()
.SetupGet(accessor => accessor.HttpContext)
.Returns(httpContext);
_mock.Mock <ICurrentUserProvider>()
.Setup(instance => instance.GetUserAsync(claimsPrincipal))
.ReturnsAsync(user);
var provider = _mock.Create <OtpDeactivationRequestParamProvider>();
var actual = await provider.GetAsync(credentials);
var expected = new OtpActivationRequestParams
{
Otp = otp,
Password = password,
SecretKey = secretKey,
UserId = userId
};
ContentAssert.AreEqual(expected, actual);
}
public async Task ReturnsInvalidOtpCodeWhenCodeIsNotValid()
{
var secretKey = new byte[] { 1 };
var code = 123456;
var activationRequest = new OtpActivationRequestParams
{
Otp = code.ToString(),
SecretKey = secretKey,
};
_mock.Mock <IOtpCodeValidationService>()
.Setup(instance => instance.Validate(secretKey, code))
.Returns(false);
var service = _mock.Create <OtpActivationRequestValidationService>();
var actual = await service.ValidateAsync(activationRequest);
Assert.AreEqual("INVALID_OTP_CODE", actual);
}
public void ActivateReturnsBadResponseWhenRequestParamsNotValid()
{
var credentials = new OtpActivationRequest();
OtpActivationRequestParams activationParams = null;
_mock.Mock <IOtpActivationRequestParamProvider>()
.Setup(instance => instance.Get(credentials))
.Returns(activationParams);
_mock.Mock <IOtpActivationRequestValidationService>()
.Setup(instance => instance.ValidateAsync(activationParams))
.ReturnsAsync("VALID");
var controller = _mock.Create <AuthOtpController>();
var expected = new BadRequestException("OTP_INVALID_REQUEST");
ExceptionAssert.ThrowsAsync(expected, () => controller.Activate(credentials));
_mock.Mock <IOtpActivationService>()
.Verify(instance => instance.ActivateAsync(activationParams), Times.Never);
}
public async Task ActivateReturnsSuccessResponse()
{
var credentials = new OtpActivationRequest();
var activationParams = new OtpActivationRequestParams();
var userSettings = new UserSettingsDTO();
_mock.Mock <IOtpActivationRequestParamProvider>()
.Setup(instance => instance.Get(credentials))
.Returns(activationParams);
_mock.Mock <IOtpActivationRequestValidationService>()
.Setup(instance => instance.ValidateAsync(activationParams))
.ReturnsAsync("VALID");
_mock.Mock <IOtpActivationService>()
.Setup(instance => instance.ActivateAsync(activationParams))
.ReturnsAsync(userSettings);
var controller = _mock.Create <AuthOtpController>();
var actual = await controller.Activate(credentials);
ContentAssert.AreEqual(userSettings, actual);
}
public async Task ReturnsValidWhenRequestIsValid()
{
var secretKey = new byte[] { 1 };
var code = 123456;
var activationRequest = new OtpActivationRequestParams
{
Otp = code.ToString(),
SecretKey = secretKey,
Password = "******",
UserId = _user.Id
};
_mock.Mock <IOtpCodeValidationService>()
.Setup(instance => instance.Validate(secretKey, code))
.Returns(true);
_mock.Mock <IUserManager>()
.Setup(instance => instance.CheckPasswordAsync(_user, activationRequest.Password))
.ReturnsAsync(true);
var service = _mock.Create <OtpActivationRequestValidationService>();
var actual = await service.ValidateAsync(activationRequest);
Assert.AreEqual("VALID", actual);
}
public async Task ReturnsInvalidRequestWhenUserIdIsNotMatch()
{
var secretKey = new byte[] { 1 };
var code = 123456;
var activationRequest = new OtpActivationRequestParams
{
Otp = code.ToString(),
SecretKey = secretKey,
Password = "******",
UserId = new Guid("{5ABF33C4-ED8E-405C-AE6A-D06AD6D2AFFC}")
};
_mock.Mock <IOtpCodeValidationService>()
.Setup(instance => instance.Validate(secretKey, code))
.Returns(true);
_mock.Mock <IUserManager>()
.Setup(instance => instance.CheckPasswordAsync(_user, activationRequest.Password))
.ReturnsAsync(true);
var service = _mock.Create <OtpActivationRequestValidationService>();
var actual = await service.ValidateAsync(activationRequest);
Assert.AreEqual("OTP_INVALID_REQUEST", actual);
}